1 |
Am 05.07.2018 um 00:25 schrieb Mick: |
2 |
> On Wednesday, 4 July 2018 19:32:33 BST gevisz wrote: |
3 |
>> 2018-07-04 21:01 GMT+03:00 Mick <michaelkintzios@×××××.com>: |
4 |
>>> On Wednesday, 4 July 2018 18:57:56 BST gevisz wrote: |
5 |
>>>> 2018-07-04 11:55 GMT+03:00 Alex Thorne <lexiconifernelius@×××××.com>: |
6 |
>>>>>> I use rsync and get the following for more than a day now; |
7 |
>>>>>> |
8 |
>>>>>> !!! Manifest verification failed: |
9 |
>>>>>> OpenPGP verification failed: |
10 |
>>>>>> gpg: Signature made Wed 04 Jul 2018 04:08:28 AM UTC |
11 |
>>>>>> gpg: using RSA key |
12 |
>>>>>> E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250 |
13 |
>>>>>> gpg: Can't check signature: No public key |
14 |
>>>>> |
15 |
>>>>> I'm seeing this too. For me `app-crypt/gentoo-keys` is somehow no |
16 |
>>>>> longer |
17 |
>>>>> installed and `/var/lib/gentoo/gkeys` is missing. I have no idea how |
18 |
>>>>> this |
19 |
>>>>> happened. Perhaps it somehow got into `emerge --depclean` and I didn't |
20 |
>>>>> catch it. |
21 |
>>>> |
22 |
>>>> No. Gentoo maintainers just overlooked that all Gentoo signing keys |
23 |
>>>> expired |
24 |
>>>> on July 1, and added new openpgp-keys-gentoo into portage tree only on |
25 |
>>>> July |
26 |
>>>> 2. |
27 |
>>>> |
28 |
>>>> So, since July 1, rsync cannot verify any new portage tree and cannot |
29 |
>>>> download app-crypt/openpgp-keys-gentoo-release-20180702 |
30 |
>>>> |
31 |
>>>> It was discovered in the thread |
32 |
>>>> "All Gentoo signing key expired and no way to fix it" |
33 |
>>> |
34 |
>>> Is there a documented manual workaround we could follow at present, |
35 |
>>> irrespective of our sync'ing mechanism of choice? |
36 |
>> |
37 |
>> For me, it somehow worked by manually refreshing the Gentoo signing keys by |
38 |
>> executing the following two commands: |
39 |
>> # gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --refresh-keys |
40 |
>> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys |
41 |
>> 0xDB6B8C1F96D8BF6D in different order and sourcing /etc/profile |
42 |
>> |
43 |
>> But, please, note that I use emerge-webrsync to update the portage tree. |
44 |
> |
45 |
> Thanks gevisz, the first line to refresh keys fails, because in /var/lib/ |
46 |
> gentoo/ I only have a news/ subdirectory. |
47 |
> |
48 |
> Interestingly, I already have app-crypt/openpgp-keys-gentoo-release installed, |
49 |
> but still get 'gpg: Can't check signature: No public key' error when running |
50 |
> rsync. |
51 |
> |
52 |
I had the same error (no public key) and fixed it today with a simple |
53 |
re-emerge. After that, sync runs without a problem. |
54 |
|
55 |
Your keyfile location depends on the way you sync (git,rsync,webrsync). |
56 |
There is a nice wiki page for this.[1] |
57 |
|
58 |
I use portage with rsync, so I don't need app-crypt/gentoo-keys which |
59 |
should install the keyring for webrsync. |
60 |
|
61 |
First, i moved /usr/share/openpgp-keys/gentoo-release.asc, looked for |
62 |
the right key id, fetched the key from the keyserver, there was no |
63 |
difference because the Key ID published on gentoo.org is too old :-D |
64 |
|
65 |
|
66 |
After updating |
67 |
=app-crypt/openpgp-keys-gentoo-release-20180702 |
68 |
|
69 |
=app-crypt/openpgp-keys-gentoo-release-20180703 |
70 |
|
71 |
|
72 |
I've no clue why portage uses a key for only 1 day, but - everything |
73 |
works :-) |
74 |
|
75 |
|
76 |
[1] https://wiki.gentoo.org/wiki/Portage_Security |